Privacy Policy

This Privacy Policy describes how Introspection, LLC a/k/a Stamp or StampHuman ("we," "us," or "our") collects, uses and discloses personal information when consumers access or use our online service (the "Service"). The Service enables users to upload and store personal information, including photographs, audio recordings and biographical information in order to create AI-generated experiences and avatars ("Stamps"). Use of the Service is subject to our Terms of Service.

By using the Service, you agree to the practices described in this Privacy Policy.

Users in certain jurisdictions, such as residents of a U.S. state with a comprehensive consumer privacy law, the United Kingdom, European Economic Area and Switzerland, have specific rights which are set forth in the YOUR RIGHTS, CHOICES AND OPT OUT section below.

This Privacy Policy applies to personal information we collect from or about consumers who access or use the Service. The Service is not intended for children under 18 years of age, and we do not knowingly collect personal information from children under 18. If we learn we have collected personal information from a child in violation of this Policy, we will take appropriate steps to delete such information.

We collect personal information directly from you, automatically from your device and browser, and from third parties as described below.

Information you provide to us. We collect:

• Account and profile information, such as name, email address, password or authentication credentials, phone number, mailing address, and preferences.
• Content you upload, including photographs, audio recordings, biographical information, and other data you choose to provide ("User Content").
• Communications and support information, such as messages, survey responses, and interactions with our customer support team.
• Payment and subscription information processed by our payment processor, such as subscription plan, billing address, and limited payment details (we do not store full payment card numbers).

Information collected automatically on the Service, including via emails we send to you. We collect:

• Usage data, such as pages viewed, features used, clickstream, date/time stamps, and referral URLs.
• Device and network data, including IP address, device identifiers, browser type, operating system, language, and mobile device information.
• Cookies, pixels, and similar technologies, including third-party analytics pixels and third-party advertising trackers, as described under "Cookies and Similar Technologies."

Information from third parties. We may receive:

• Analytics insights from our analytics providers.
• Advertising identifiers and interest segments from advertising partners, to deliver and measure targeted advertising where permitted by law and with your consent where required by law.
• Information from sign-in providers if you choose to link an account (e.g., name, email), subject to your settings with those providers.

We use personal information to:

• Provide, operate, maintain, and secure the Service, including creating and managing accounts and subscriptions, hosting and storing uploaded content, and providing customer support.
• Process payments and fulfill transactions.
• Analyze usage, fix errors, improve performance, and develop new features and services.
• Personalize the Service, including remembering your preferences and settings.
• Perform analytics and audience measurement, including through third-party analytics pixels.
• Provide, measure, and improve advertising and marketing, including targeted advertising with third-party trackers where permitted by law.
• Detect, prevent, and protect against fraud, abuse, security risks, and violations of our terms or policies, and comply with legal obligations.
• Establish, exercise, or defend legal claims and protect our rights, property, users, and the public.

Where GDPR/UK GDPR applies, we process personal data under these legal bases:

• Contract: To provide and operate the Service and perform our contract with you.
• Consent: For placing or reading non-essential cookies and for targeted advertising and certain marketing communications, as required by law. You can withdraw consent at any time as described below.
• Legitimate interests: To secure and improve the Service, perform analytics, prevent fraud, and engage in limited marketing, provided our interests are not overridden by your rights and freedoms.
• Legal obligation: To comply with applicable laws and regulatory requirements.

We and our partners use cookies, pixels, tags, and similar technologies to operate and secure the Service (including in our emails), remember preferences, perform analytics, and provide targeted advertising. We do not use information you enter into your MindMaps on the Service for targeted advertising. We only use information such as the fact that you have landed on the Service or limited identifiers (such as email addresses) for such targeted advertising. Third-party analytics pixels help us understand how users interact with the Service. Third-party advertising trackers enable us and our partners to deliver and measure targeted ads on our properties and on third-party sites and apps.

By way of example, we use Google Analytics on this Service and other Google services in connection with our Service. For information about Google Analytics please see How Google uses information from sites or apps that use our services, located at www.google.com/policies/privacy/partners/. To opt-out of Google Analytics, please copy and paste https://tools.google.com/dlpage/gaoptout into your browser and download the Google Analytics opt-out browser add-on.

Based on your web browser, you may have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the services. Further information on cookies is available at www.allaboutcookies.org.

Please note that, unless required by law, we do not respond to or honor "Do Not Track" (a/k/a DNT) signals or similar mechanisms transmitted by web browsers.

You can manage cookie preferences through our cookie banner and settings, your browser or device settings, and the opt-out mechanisms described under YOUR RIGHTS, CHOICES AND OPT OUT. Where required by law, we request your consent before using non-essential cookies and similar technologies.

We disclose personal information to:

• Service providers and processors that perform services on our behalf, such as AI and other technology providers, hosting, storage, customer support, analytics, security, and payment processing, under appropriate contractual safeguards.
• Analytics partners that provide measurement and insights based on pixels and similar technologies.
• Advertising partners to facilitate targeted advertising, ad measurement, and attribution where permitted by law and with your consent where required.
• Other users only when you activate a Legacy Plan and choose to share content with family members you designate. Unless and until you activate a Legacy Plan and configure sharing, we do not publicly display your content or personal information.
• Professional advisors, auditors, and insurers for compliance and risk management purposes.
• Authorities, regulators, law enforcement, courts, or other third parties, when we believe disclosure is necessary to comply with law, to protect our rights or the rights of others, or to investigate or prevent fraud or security incidents.
• In connection with a corporate transaction, such as a merger, acquisition, or asset sale, subject to appropriate safeguards.

AI service providers. To provide the Service, we share certain user data with third-party AI and service providers who process this data on our behalf. This includes providers for voice processing, image processing, conversation processing, and analytics.

We do not sell your personal information for money. We may "share" personal information for cross-context behavioral advertising or engage in "targeted advertising" as those terms are defined under certain state privacy laws. You can opt out as described under YOUR RIGHTS, CHOICES AND OPT OUT below.

By default, personal information and content you upload are not publicly displayed. If you activate a Legacy Plan, you may invite and authorize specific persons to view your content. Content shared via a Legacy Plan is visible only to the members you designate. You can adjust or revoke sharing at any time within your account settings. Deactivating a Legacy Plan or removing a member will end their access to shared content going forward.

We retain personal information only for as long as necessary to operate the Service and fulfill the purposes described in this Policy. If your account is no longer active for any reason, we may retain your data in encrypted storage for a period of time for legal, compliance, safety, and fraud prevention purposes. After this period, data may be permanently deleted. We also maintain database backups on a rolling basis for disaster recovery purposes. After you delete your data, copies may temporarily remain in our backup systems for a period of time before being automatically overwritten. To better understand when and how we delete your data, please see our FAQs.

We do not seek to collect sensitive personal information, and you are advised not to provide such information to us. Photographs you upload may contain or reveal sensitive attributes depending on your content; you should only upload content you are comfortable sharing within the Service and, if applicable, your Legacy Plan.

We implement administrative, technical, and physical safeguards designed to protect personal information against accidental, unlawful, or unauthorized access, destruction, loss, alteration, disclosure, or use. Despite these safeguards, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, New Hampshire, Delaware, Iowa, Nebraska, New Jersey, Tennessee, Minnesota, Maryland, Kentucky, Indiana, Rhode Island or another U.S. state that has similar privacy legislation (collectively, "Covered States"), you may have specific rights regarding your personal information under: the California Consumer Privacy Act ("CCPA"), Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, Texas Data Privacy and Security Act, Oregon Consumer Privacy Act, Montana Consumer Data Privacy Act, New Hampshire Data Privacy Act, Delaware Personal Data Privacy Act, Iowa Consumer Data Protection Act, Nebraska Data Privacy Act, New Jersey Data Protection Act, Tennessee Information Protection Act, Minnesota Consumer Data Privacy Act, Maryland Online Data Privacy Act, Kentucky Consumer Data Protection Act, Indiana Consumer Data Protection Act, Rhode Island Data Transparency and Privacy Protection Act or similar laws in other U.S. states (collectively, "State Privacy Laws"). This section describes the rights that consumers of Covered States have and explains how to exercise those rights. To be clear, these rights are granted only to the extent that Introspection, LLC is subject to such State Privacy Laws and you are considered a consumer of Covered State and we are acting as a "controller" or "business" (as applicable) under State Privacy Laws with respect to your personal information. The rights in this section are not intended to grant you additional rights, but only your rights under the State Privacy Laws.

The categories of personal information we process, our purposes for processing your personal information, the categories of personal information that we share with third parties, and the categories of third parties with whom we share it are set forth in the terms of the Privacy Policy above.

In addition to the rights set forth in our Privacy Policy, State Privacy Laws may, depending on your state of residence, provide you with the following rights:

• Right to know. You may have the right to know whether we process your personal information and to access such personal information. You may also have the right to request that we disclose certain information to you about our collection, use, or disclosure of your personal information. Residents of Minnesota or Oregon have the right to: (i) confirm additional information about the categories of personal information we have processed about them; and (ii) obtain a list of third parties to which we have disclosed the personal information of Minnesota or Oregon consumers. Residents of Delaware or Maryland have the right to obtain a list of the categories of third parties to which we have disclosed the personal information of Delaware or Maryland consumers.
• Right to data portability. You may have the right to obtain a copy of your personal information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another business without hindrance, where the processing is carried out by automated means.
• Right to delete. You may have the right to delete personal information that you have provided or that we have obtained about you. Please note that we may deny such a request if the requested deletion falls under an exception as set forth in the State Privacy Laws. Additionally, for residents of Colorado, Connecticut, and Texas, if you request deletion of your personal information and we have obtained such information from a third-party source, we may retain such data by keeping a record of the deletion request and the minimum data necessary to ensure that your personal information remains deleted from our records and that such retained data is not used for any other purpose, or we may opt you out of the processing of such personal information for any purpose except for those allowed under State Privacy Laws. Some State Privacy Laws, like those of Iowa and Utah, limit this right to only the data you have provided us.
• Right to correct. You may have the right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes for which we process it.
• Right to opt out. You may have the right to opt out of the processing of your personal information for purposes of: (i) targeted advertising; (ii) the sale of personal information; (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you or (iv) selling/sharing (as defined by the CCPA).
• Right to Limit the Use of Sensitive Personal Information. You may have the right to limit the use of your sensitive personal information. While we do not solicit or encourage users to provide such information, users may decide on their own to provide some information that might be considered sensitive, such as religion or cultural background.
• Right to nondiscrimination. You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights. Unless permitted by the State Privacy Laws, we will not:
  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

To exercise any of the rights described above, you may:

• Email us at support@stamphuman.com.
• Fill out our webform here.

Only you, or a person or business entity that you authorize to act on your behalf (an "authorized agent"), may make the requests set forth above. You may also make a request on behalf of your minor child. If you are an authorized agent or an adult acting on behalf of your minor child, please reach out by emailing to support@stamphuman.com so we could verify your authority.

In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. However, we will process opt-out requests without any additional verification, unless we suspect fraud. The method used to verify your identity will vary depending on the nature of the request. Generally speaking, verification will be performed through technical means of matching your device or identifiers to the data we possess.

We will make every effort to respond to your request within 45 days from when you contacted us. If you have a complex request, the State Privacy Laws may allow us up to 90 days to respond. We will still contact you within 45 days from when you contacted us to let you know we need more time to respond.

If we decline to take action on a request that you have submitted, we will inform you of our reasons for doing so, and provide instructions for how to appeal the decision. Depending on your state of residence you may have the right to appeal within a reasonable period of time after you have received our decision. If you have this appeal right, within 60 days (or 45 days for residents of Colorado) of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, we will provide you with a method for contacting your state attorney general's office to submit a complaint to the extent required by State Privacy Laws.

IF YOU ARE SITUATED IN THE EUROPEAN ECONOMIC AREA, SWITZERLAND, OR THE UNITED KINGDOM, THIS SECTION APPLIES TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AND ADDITIONAL RIGHTS YOU HAVE UNDER APPLICABLE LAW.

Data Controller

Introspection, LLC is the data controller of all personal data collected through our Service. To contact us, please reach us at support@stamphuman.com.

Supervisory Authorities

If you are situated in the EEA, Switzerland, or the UK and have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority, so please contact us in the first instance. If you have a complaint, please contact us at support@stamphuman.com.

Provision of personal data and failure to provide personal data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may not be able to provide certain services to you.

Collection of personal data from third-party sources

We may obtain personal data and other information about you from public sources and through our third-party partners who help us provide our products and services to you.

Withdrawing your consent

If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us at support@stamphuman.com.

Data Transfer

We may transfer personal data from the EEA, Switzerland, and the UK to the United States and other countries, some of which have not been determined by the European Commission or the UK Secretary of State to have an adequate level of data protection. Where we use certain vendors, we may use specific contracts approved by the European Commission or the UK Secretary of State which give personal data the same protection it has in Europe.

Data Subject Rights

If you are situated in the European Union, Switzerland, or the UK, under the GDPR, as a data subject, you have the right to:

• Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To exercise your rights under the GDPR, please contact us at support@stamphuman.com. Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal data from you than we currently have.

International Data Transfers

We may transfer personal information to countries outside your country of residence, including to the United States, where we and our service providers operate. When transferring personal data from the EEA/UK/Switzerland, we rely on appropriate safeguards, such as European Commission–approved Standard Contractual Clauses and UK addenda, and implement supplementary measures as needed. Information stored in the USA may be subject to lawful requests by the courts or law enforcement authorities in such countries.

Third-Party Links and Services

The Service may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by law, such as by posting the updated Policy on the Service with a new effective date or by sending you a notification. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy. If the change results in data processing activities that are not reasonably necessary to or compatible with the original specified purposes that we disclosed in the prior version of our Privacy Policy, we will provide a reasonable opportunity for you to withdraw consent to any further materially different collection, processing, or transfer of previously collected personal information under the changed terms.

If you have questions about this Privacy Policy, please contact us at:

Introspection, LLC
PO Box 322, 4817 Murfreesboro Rd, Arrington, TN. 37014
support@stamphuman.com